Elementor Website Builder vulnerabilities
12 known vulnerabilities affecting elementor/elementor_website_builder.
Total CVEs
12
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM9LOW1
Vulnerabilities
Page 1 of 1
CVE-2022-29455P3MEDIUMCVSS 6.1PoC≤ 3.5.52022-06-13
CVE-2022-29455 [MEDIUM] CWE-79 CVE-2022-29455: DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builde
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.
nvd
CVE-2023-47504P3CRITICALCVSS 9.8≥ n/a, ≤ 3.16.42024-04-24
CVE-2023-47504 [CRITICAL] CWE-287 CVE-2023-47504: Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functi
Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.
nvd
CVE-2024-24934P3HIGHCVSS 8.1≥ n/a, ≤ 3.19.02024-05-17
CVE-2024-24934 [HIGH] CWE-22 CVE-2024-24934: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elem
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.This issue affects Elementor Website Builder: from n/a through 3.19.0.
nvd
CVE-2026-57619P3MEDIUMCVSS 6.5≥ n/a, ≤ 4.1.32026-06-25
CVE-2026-57619 [MEDIUM] CWE-862 CVE-2026-57619: Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
nvd
CVE-2026-49782P4MEDIUMCVSS 5.4≥ n/a, ≤ 4.1.02026-06-02
CVE-2026-49782 [MEDIUM] CWE-862 CVE-2026-49782: Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorre
Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Elementor Website Builder: from n/a through 4.1.0.
nvd
CVE-2024-50555P4MEDIUMCVSS 6.5≤ 3.29.02026-02-20
CVE-2024-50555 [MEDIUM] CWE-79 CVE-2024-50555: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.29.0.
nvd
CVE-2026-32352P4MEDIUMCVSS 6.5≤ 3.35.52026-03-13
CVE-2026-32352 [MEDIUM] CWE-79 CVE-2026-32352: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows DOM-Based XSS.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
nvd
CVE-2024-54444P4MEDIUMCVSS 5.4≤ 3.25.102025-02-25
CVE-2024-54444 [MEDIUM] CWE-79 CVE-2024-54444: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor allows Stored XSS.This issue affects Elementor Website Builder: from n/a through <= 3.25.10.
nvd
CVE-2024-37437P4MEDIUMCVSS 5.4≤ 3.22.12024-07-09
CVE-2024-37437 [MEDIUM] CWE-79 CVE-2024-37437: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder elementor.This issue affects Elementor Website Builder: from n/a through <= 3.22.1.
nvd
CVE-2025-67588P4MEDIUMCVSS 4.3≤ 3.33.02025-12-09
CVE-2025-67588 [MEDIUM] CWE-862 CVE-2025-67588: Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiti
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.33.0.
nvd
CVE-2023-33922P4MEDIUMCVSS 4.3≥ n/a, ≤ 3.13.22024-06-11
CVE-2023-33922 [MEDIUM] CWE-862 CVE-2023-33922: Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elemen
Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.
nvd
CVE-2026-32445P4LOWCVSS 2.7≤ 3.35.52026-03-13
CVE-2026-32445 [LOW] CWE-862 CVE-2026-32445: Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiti
Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builder: from n/a through <= 3.35.5.
nvd